The most common, and therefore worst, password of 2013 was “123456.” “Password” fell to number two for the first time since SplashData started tracking passwords on the Internet. Rounding out the top five are “12345678,” “qwerty,” and “abc123.”

SplashData creates its annual list of worst passwords by looking through millions of stolen passwords posted online in the previous year. The massive breach suffered by Adobe in November 2013 influenced the list, with “adobe123″ taking the number 10 spot. “Photoshop” ranked 15th.

Several common passwords are simply random words and phrases, such as “monkey,” “iloveyou,” “shadow,” and “sunshine.”

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” Morgan Slain, CEO of SplashData, said in a statement.

The company advises that people and businesses with vulnerable passwords change them right away. Coming up with a secure password is not as easy as using mixed characters, according to SplashData. It’s best to come up with a string of random words separated by spaces or other characters. SplashData used “cakes years birthday” and “smiles_light_skip?” as examples. No matter how strong the password, it should not be used on multiple accounts.

And in a plug for the company’s product, SplashData suggested people use a password manager if they struggle to keep all their passwords straight. Its SplashID Safe is available for Mac and Windows.